Thanks for your tips.
I finally got it working by adding another <Location> element after the
standard <Location /svn> element, like this:
<Location /svn> <!-- old element -->
DAV svn
SVNPath /var/svnroot
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
Satisfy Any
Require valid-user
</Location>
<Location ~ "/svn/.*(secret.file)$"> <!-- new element -->
AuthType Basic
AuthName "Restricted read access"
AuthUserFile /etc/apache2/dav_svn.passwd
AuthzSVNAccessFile /etc/apache2/dav_svn_noread.authz
Satisfy Any
Require valid-user
</Location>
And the authz files looks like this:
--- dav_svn.authz ---
[groups]
devs = john, jane
[/]
john = rw
* = r
[/projectone]
@devs = rw
* = r
--- dav_svn_noread.authz ---
[groups]
devs = john, jane
# here the root corresponds to the secret.file
[/]
@devs = rw
Best regards,
Fredrik Boström
Miha Vitorovic wrote:
> Doh!
>
> How about this then [I haven't tried it, though]:
>
> Create a special a special Authorization file that gives read acces only
> to those people that need it.
>
> Use reg-exp in the apache httpd.conf file to achieve what you need.
>
> From the apache documentation:
> --- cut 'ere ---
> Extended regular expressions can also be used, with the addition of the ~
> character. For example:
> <Location ~ "/(extra|special)/data">
> --- cut 'ere ---
>
> Something like this:
>
> <Location ~ "your-specail-file">
> DAV svn
> SVNPath C:/repo
>
> AuthType Basic
> AuthName "Special file access"
> AuthUserFile c:/etc/htpasswd
>
> Require valid-user
>
> AuthzSVNAccessFile c:/etc/your-special-auth-file
> </Location>
>
> Cheers,
> ---
> Miha Vitorovic
> Inženir v tehničnem področju
> Customer Support Engineer
>
> NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana, Slovenia
> Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
>
> "Max Bowsher" <maxb@ukf.net> wrote on 07.06.2005 12:24:59:
>
>
>>Miha Vitorovic wrote:
>>
>>>It seems to me that 'pre-commit' hook script is an excellent
>
> candidate
>
>>>for just this sort of thing...
>>
>>No. That will work for *write* access, but the question asked is about
>>*read* access.
>>
>>Max.
>>
>>
>>>---
>>> Miha Vitorovic
>>> Inženir v tehničnem področju
>>> Customer Support Engineer
>>>
>>> NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana,
>
> Slovenia
>
>>> Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
>>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jun 7 14:50:04 2005